What is stupid is not to provide free certs for malicious web sites, what was stupid is telling people for years that they would be safe and could trust a website only because there was a lock icon on the url bar.